| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACh33FrCn+pDPNLVnrYVQ5sf92m8hj+oiQJ2U6RM2CtqDBf=OQ@mail.gmail.com> Date: Sun, 28 Jun 2015 13:20:34 -0400 From: Patrick Donnelly <batrick@...bytes.com> To: Peter Hurley <peter@...leysoftware.com> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Jiri Slaby <jslaby@...e.cz>, open list <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v2 1/2] tty: add missing rcu_read_lock for task_pgrp On Sun, Jun 28, 2015 at 11:23 AM, Peter Hurley <peter@...leysoftware.com> wrote: > On 06/27/2015 08:51 PM, Patrick Donnelly wrote: >> task_pgrp requires an rcu or tasklist lock to be obtained if the returned pid >> is to be dereferenced, which kill_pgrp does. Obtain an RCU lock for the >> duration of use. > > kill_pgrp() obtains tasklist_lock, so I don't see an unsafe deref. I see a race between looking up the pgrp via task_pgrp and passing it to kill_pgrp. The pgrp struct pid may be freed via setpgid/setsid, as mentioned in the comment for task_pgrp: * Without tasklist or rcu lock it is not safe to dereference * the result of task_pgrp/task_session even if task == current, * we can race with another thread doing sys_setsid/sys_setpgid. Getting the lock after the lookup is getting the lock too late. I could be wrong though as I'm no expert on locking in Linux. -- Patrick Donnelly -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists